Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Managing pcapng files

From: Jose Pedro Oliveira <jpo () di uminho pt>
Date: Wed, 07 Dec 2011 17:04:39 +0000
On 2011-12-07 16:06, Sake Blok wrote:

Hi all,

When I use my version(s) of tshark, I have a problem using tshark to save pcapng files back to file:

sake@macsake-wifi:~$ capinfos -t in.cap 
File name:           in.cap
File type:           Wireshark - pcapng
Packet size limit:   inferred: 96 bytes
sake@macsake-wifi:~$ tshark -r in.cap -w out.cap -R arp
dlsym(0x7fff5fc43ed0, py_create_dissector_handle): symbol not found
tshark: The capture file being read can't be written as a "libpcap" file.


---[snip]---


Is it just me and my version(s) of tshark or is this a general problem at the moment with handling pcapng files?


The problem appears to be on your side. No problem on this
side with wireshark-1.7.1-SVN-40068 on a Mac OS X 10.6.8:

Both these operations performed correctly:
$ sudo ~/sandbox/wireshark-1.7.1-SVN-40068/tshark -w test.pcapng
$ ~/sandbox/wireshark-1.7.1-SVN-40068/tshark -r test.pcapng \
   -w z.pcapng -R arp

The z.pcapng file only contained arp packets.

----------
 ~/sandbox/wireshark-1.7.1-SVN-40068/tshark -v
TShark 1.7.1-SVN-40068 (SVN Rev Unknown from unknown)

Copyright 1998-2011 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.30.2, with libpcap 1.1.1, with libz 1.2.5,
without
POSIX capabilities, with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, without
Python, with GnuTLS 2.12.11, with Gcrypt 1.5.0, with MIT Kerberos, without
GeoIP.

Running on Mac OS 10.6.8 (Darwin 10.8.0), with locale pt_PT.UTF-8, with
libpcap
version 1.1.1, with libz 1.2.5.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).
----------

Regards,
jpo
-- 
José Pedro Oliveira
* mailto:jpo () di uminho pt *
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: